CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

Use the controls below to navigate CORE Impact exploits and other modules.

Released Datesort ascending Title Description Vulnerabilty Category Platform
10.09.2012 TurboFTP Server PORT Command Buffer Overflow Exploit TurboFTP Server is prone to a buffer-overflow when processing a malformed PORT command. NOCVE-9999-54992 Exploits/Remote Windows
10.08.2012 HP Lifecycle Management XGO ActiveX SetShapeNodeType Type Method Exploit Type Confusion vulnerability in XGO.ocx ActiveX control in HP Lifecycle Management in the method SetShapeNodeType allowing user-specified memory to be used as an object. NOCVE-9999-54991 Exploits/Client Side Windows
10.03.2012 Novell File Reporter NFRAgent VOL Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54601 Exploits/Remote Windows
10.03.2012 Novell File Reporter NFRAgent PATH Tag Buffer Overflow Exploit The vulnerability exists within NFRAgent.exe listening on TCP port 3037. When parsing tags inside the PATH element, the process performs insufficient bounds checking on user-supplied data prior to copying it on the stack. NOCVE-9999-54842 Exploits/Remote Windows
10.01.2012 HP Intelligent Management Center UAM sprintf Buffer Overflow Exploit A stack buffer overflow exists in HP Intelligent Management Center's uam.exe service which listens on port UDP/1811. The vulnerability is due to lack of validation of a string passed to sprintf. NOCVE-9999-54499 Exploits/Remote Windows
09.30.2012 Microsoft Word MSCOMCTL TabStrip Control Use-after-free Exploit(MS12-060) Update A Memory Corruption in Microsoft Word is caused due to an error within the TabStrip ActiveX control (MSCOMCTL.OCX) object, embedded in a RTF crafted file. This update adds support for Impact 12.5. CVE-2012-1856 Exploits/Client Side Windows
09.30.2012 PHP apache_request_headers Function Buffer Overflow Exploit This module exploits a buffer overflow in PHP. The specific flaw is in the apache_request_handlers() function. The apache_request_handlers() function fails to validate the length of certain headers in the HTTP request and blindly copy all the string received in the vulnerable header to the stack causing a buffer overflow. CVE-2012-2329 Exploits/Remote Windows
09.26.2012 HP OpenView Performance Agent coda.exe Opcode 0x8C Buffer Overflow Exploit A buffer overflow exists in coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. CVE-2012-2020 Exploits/Remote Windows
09.25.2012 Cisco Linksys PlayerPT ActiveX Control Buffer Overflow Exploit Update This module exploits a vulnerability in the PlayerPT.ocx module included in the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera application. The exploit is triggered when the SetSource() method processes a crafted argument resulting in a buffer overflow. This update adds support for Internet Explorer 8 and 9 and Windows 7, detected automatically. CVE-2012-0284 Exploits/Client Side Windows
09.18.2012 Microsoft Internet Explorer Exec Function Use After Free Exploit A use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability. This is an early release module. This is not the final version of this module. CVE-2012-4969 Exploits/Client Side Windows
09.17.2012 Internet Explorer Same ID Property Remote Code Execution Exploit Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object. CVE-2012-1875 Exploits/Client Side Windows
09.17.2012 Microsoft Internet Explorer Fixed Table Col Span Exploit (MS12-037) Microsoft Internet Explorer 8 is prone to a heap overflow vulnerability caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code. CVE-2012-1876 Exploits/Client Side Windows
09.16.2012 HP OpenView Performance Agent coda.exe Opcode 0x34 Buffer Overflow Exploit A buffer overflow exists in coda.exe process which listens on a random TCP port by default. The process trusts a value within a GET request as a size then proceeds to copy that many bytes of user-supplied data into a fixed-length buffer on the stack. CVE-2012-2019 Exploits/Remote Windows
09.09.2012 Microsoft Word MSCOMCTL TabStrip Control Use-after-free Exploit(MS12-060) A Memory Corruption in Microsoft Word is caused due to an error within the TabStrip ActiveX control (MSCOMCTL.OCX) object, embedded in a RTF crafted file. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2012-1856 Exploits/Client Side Windows
09.03.2012 Symantec LiveUpdate Administrator Local Privilege Escalation Exploit This module exploits a privilege escalation vulnerability in Symantec LiveUpdate Administrator. CVE-2012-0304 Exploits/Local Windows
08.30.2012 FreeBSD NFS Client Privilege Escalation Exploit The NFS client subsystem in FreeBSD fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted. This may cause a kernel stack overflow that can be exploited by local users to gain root privileges. CVE-2010-2020 Exploits/Local FreeBSD
08.30.2012 Oracle Java Beans Statement Remote Code Execution Exploit Update An AccessControlContext attribute in the java.beans.Statement class of Oracle Java can be overwritten by unprivileged applets by using specially crafted Java Beans Expressions and Statements, even when the AccessControlContext attribute is declared as final. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2012-4681 Exploits/Client Side Windows, Linux, Mac OS X
08.29.2012 Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow Exploit A buffer overflow vulnerability found in the AutoVue.ocx ActiveX control due in strcpy function in the SetMarkupMode method, when handling a specially crafted sMarkup argument. CVE-2012-0549 Exploits/Client Side Windows
08.27.2012 Microsoft Visio Viewer DXF File Buffer Overflow Exploit (MS12-059) Microsoft Visio Viewer is prone to a buffer-overflow when handling specially crafted DXF files. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2012-1888 Exploits/Client Side Windows
08.27.2012 Linux Kernel compat_alloc_user_space Privilege Escalation Exploit The "compat_alloc_user_space" function, which belongs to the 32-bit compatibility layer for 64-bit versions of Linux, can produce a stack pointer underflow when it's called with an arbitrary length input. This vulnerability can be used by local unprivileged users to corrupt the kernel memory in order to gain root privileges. CVE-2010-3081 Exploits/Local Linux
08.26.2012 Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow Exploit Ricoh DC's DL-10 SR10 FTP Server is prone to a buffer-overflow vulnerability when handling data through the USER command. This can be exploited by supplying a long string of data to the affected command. NOCVE-9999-53623 Exploits/Remote Windows
08.26.2012 Oracle Java Beans Statement Remote Code Execution Exploit An AccessControlContext attribute in the java.beans.Statement class of Oracle Java can be overwritten by unprivileged applets by using specially crafted Java Beans Expressions and Statements, even when the AccessControlContext attribute is declared as final. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation. CVE-2012-4681 Exploits/Client Side Windows, Linux, Mac OS X
08.23.2012 Conficker Detector Exploit Update This module connects to a remote target via any exposed DCE RPC endpoints and fingerprints them to determine if the machine appears to be compromised by the Conficker worm. This update adds RPT capabilities. NOCVE-9999-37300 Exploits/Remote Windows
08.22.2012 Oracle Java Field Access Bytecode Verifier Cache Remote Code Execution Exploit An error in the way the bytecode verifier of Java validates field access instructions when preparing to JIT-compile a method can be abused to cause a type confusion vulnerability. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user. CVE-2012-1723 Exploits/Client Side Windows, Linux
08.22.2012 Linux Kernel IA32 Syscall Emulation Privilege Escalation Exploit This module exploits a vulnerability in Linux for x86-64. The IA32 system call emulation functionality does not zero-extend the EAX register after the 32bit entry path to ptrace is used, which might allow local users to trigger an out-of-bounds access to the system call table using the RAX register and escalate privileges. This vulnerability is a regression of CVE-2007-4573. CVE-2010-3301 Exploits/Local Linux
08.21.2012 Xenorate XPL File Buffer Overflow Exploit Xenorate is prone to a buffer-overflow. The program fails to properly sanitize user-supplied input with a specially crafted XPL file. NOCVE-9999-53630 Exploits/Client Side Windows
08.15.2012 Csound hetro File Handling Stack Buffer Overflow Exploit Buffer overflow in Csound exists when trying to import a malicious hetro file in tabular format. In order to achieve exploitation the user should import the malicious file through csound with a console command like: "csound -U het_import project.csd file.het". NOCVE-9999-53507 Exploits/Client Side Windows
08.15.2012 Interactive Graphical SCADA System Command Injection Exploit This module exploits a command injection vulnerability in Interactive Graphical SCADA System and install an agent into the target machine. CVE-2011-1566 Exploits/Remote Windows
08.13.2012 Samba LsarSetInformationPolicy Request Remote Buffer Overflow Exploit This module exploits a heap overflow bug in Samba Server by sending a crafted request packet via DCERPC call. CVE-2012-1182 Exploits/Remote Linux
08.06.2012 IBM Lotus iNotes ActiveX Control Buffer Overflow Exploit IBM Lotus iNotes ActiveX control dwa85W.dll is vulnerable to a buffer overflow via a long argument to the Attachment_Times method. CVE-2012-2175 Exploits/Client Side Windows

Pages